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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )E3 Responsive to communication(s) filed on 02/10/04. 07/02/04. 02/23/06 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-25 is/are pending in the application. 

4a) Of the above claim (s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-25 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 10 February 2004 is/are: a)D accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121 (d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 
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a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-25 are pending. 

Information Disclosure Statement 

2. IDS received 07/02/04 & 02/23/06 has been considered. (Except England reference) 

Drawings 

3. New corrected drawings in compliance with 37 CFR 1.121(d) are required in this 
application because submitted drawing FIG. 1 is informal. Applicant is advised to employ the 
services of a competent patent draftsperson outside the Office, as the U.S. Patent and Trademark 
Office no longer prepares new drawings. The corrected drawings are required in reply to the 
Office action to avoid abandonment of the application. The requirement for corrected drawings 
will not be held in abeyance. Each drawing sheet submitted after the filing date of an application 
must be labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 
CFR 1.121(d). 



Claim Objections 

4. Claim 13 is objected to. Claim 13 recites, "The apparatus of claim 13. . .", should be - 
The apparatus of claim 12...- Replace '13' with '12'. 

Claims 7, 14, and 22 are confusing. The application computer program communicates 
with a remote process, said process located remotely from both said execution environment and 
operating system (first execution environment and second execution environment)? 
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Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

6. Claims 12 - 18 and 19-25 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. The terms "being operable to convert' in 
claim 12 and "capable of in claims 14 and 19 fail to provide a physical transformation, or 
useful, concrete and tangible result. 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language, 

8. Claims 1-25 are rejected under 35 U.S.C. 102(e) as being anticipated by US Patent 
Application Publication 2005/0204348 Al to Horning et aL 

Per claim 1 : 

A process for modifying an application computer program, said application computer program 
configured in its unmodified form to execute within a first electronic execution environment, 
said process comprising: 
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Horning: [0006, [0008], binary code modification tool. . .perform obfuscating 
transformations. . .means for incorporating one or more tamper resistance mechanisms into the 
computer program 

identifying boundaries of a subsection of said application computer program; modifying said 
subsection of said application computer program to a form which, when executed within the first 
electronic execution environment, triggers an invocation of a second electronic execution 
environment different from said first execution environment; 

Horning: [0071-0072], obfuscation transformations to a target program procedures or modules 
[0090-0099], binary modification tools, identify basic blocks, procedures, inserrinstructions 
before and / or after other identified instructions, rewirte and / or modify, insert new 
functions... a 



and incorporating with said application computer program control information enabling 
execution of the application computer program in the second execution environment. 
Horning: [0081], obfuscated program will typically be functionally equivalent to the original 
program 
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Per claim 2: 

-wherein a boundary of said subsection is a flow control instruction. 
Horning: [0092-0094], basic blocks, procedures 

Per claim 3: 

-the first execution environment is a computer operating system and the second execution 
environment is a debugging environment. 

Horning: [0087], A variety of tools and techniques can be used to perform obfuscating 
transformation on a target computer program. [0594], provide internal tracing and debugging 
features. 

Per claim 4: 

-said step of modifying said subsection of said application computer program includes a step of 
adding an instruction that causes said operating system to transfer execution control to said 
debugging environment. 

Horning: [0072], a software self defense control program. . .including. . .obfuscation 
transformations. . .to a target program; procedures or modules for adding tamper resistance 
measures to target program; and / or procedures or modules for applying watermarks. . .[0594], 
Provide internal tracing and debugging features... for generating (encrypted) trace and debugging 
messages. . .will support failure diagnosis. . . 
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Per claim 5: 

-said step of modifying said subsection of said application computer program includes a step of 
encrypting at least a portion of said subsection of said application computer program file. 
Horning: [0073], cryptographic keys, encryption and decryption. . . [0096], ability to rewrite and 
/ or modify existing instructions [0116], by encrypting the program's code 

Per claim 6; 

-said step of modifying said subsection of said application computer program further includes a 
step of relocating at least a portion of said encrypted portion of said subsection to a location 
distinct from the location of the corresponding unmodified subsection of said application 
computer program. 

Horning: [0081], obfuscated program may demonstrate different space and time behavior 
[0099], ability to update other program sections such as the relocation information [0254], 
encrypting code sequences and inserting calls to, e.g., a support function that decrypts those code 
sequences prior to execution [0376], move pieces of code 

Per claim 7: 

-said step of modifying said subsection of said application computer program includes a step of 
adding functionality for the application computer program to communicate with a remote process 
not within either the first or second execution environments. 

Horning: [053 1-0533], External agents can send a key . . .tell it to calculate the MAC value for 
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the appropriate code region. . .Agent compares received MAC value. . .If the MAC values match 
then the SDP (self defense program) is deemed valid 

Per claim 8: 

-said remote process is a process that authorizes continued execution of the application computer 
program. 

Horning: [0532], deemed valid 
Per claim 9: 

-said remote process is a cryptographic key management process. 
Horning: [0531-0533], sending keys 

Per claim 10: 

-said application computer program communicates information about execution of said computer 
application program. 

Horning: [0483-0484], [0490], suspected tampering should be reported externally for fraud 
detection. . .connect to an external site. . .external tamper monitoring agent. 

Per claim 1 1 : 

-said information is information about tampering with said computer application program. 
Horning: [0483-0484], [0490], suspected tampering should be reported externally for fraud 
detection. . .connect to an external site. . .external tamper monitoring agent. 
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Per claim 12: 

An apparatus for executing an application computer program, comprised of: 
a computer with an operating system; 

an application computer program having a non-executable portion in a non-executable form; and 
an execution controller providing an execution environment distinct from said operating system, 
said execution controller being operable to convert the non-executable portion of the application 
program into a form that can be executed. 

Horning: Convert encrypted portion into a form that can be executed. [0073] 
Per claim 13: 

-the non-executable portion of the application computer program includes an encrypted portion. 
Horning: [0073] 

Per claim 14: 

-the application computer program includes a portion capable of communicating with a remote 
process not within either the operating system or the execution controller. 
See rejection of limitations addressed in claim 7 above. 

Per claim 15: 

-the remote process is a process that authorizes continued execution of the application computer 
program. 
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Horning: [0519], external site can inspect the watchdogs [0531], external agents force an DSP to 
prove its own validity using keys 

Per claim 16: 

-the remote process is a cryptographic key management process. 
See rejection of limitations addressed in claim 9 above. 

Per claim 17: 

-the application computer program includes a portion capable of communicating to the remote 
process information about execution of said computer application program. 
Horning: [0483-0484], [0490], suspected tampering should be reported externally for fraud 
detection. . .connect to an external site. . .external tamper monitoring agent. 

Per claim 18: 

-the information about execution of said computer application program is information about 
tampering with the computer application program. 
See rejection of claim 1 1 above. 

Per claim 19: 

A process for executing a computer application program, comprising the steps of: 
-launching an operating system; 
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-launching an application computer program, said application computer program having a non- 
executable portion in a non-executable form; 

-launching an execution controller, said execution controller providing an execution environment 
distinct from the operating system and capable of converting the non-executable portion of the 
application computer program to a form capable of execution; 

-executing the application computer program within the execution environment of the execution 
controller. 

See rejection of limitations addressed in claim 12 above. Using keys convert 'non-executable 
portion' (encrypted portion) to a form capable of execution 

Per claim 20: 

-the execution controller launches as a debugger. 

See rejection of limitations addressed in claim 3 above. 

Per claim 21: 

-the non-executable portion of the computer application program is in encrypted form. 
See rejection of limitations addressed in claim 13 above. 

Per claim 22: 

-the application computer program communicates with a remote process not under either the 

operating system or the execution controller. 

See rejection of limitations addressed in claim 7 above. 
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Per claim 23: 

-the remote process is part of a cryptographic key management process. 
See rejection of limitations addressed in claim 16 above. 

Per claim 24: 

-the application computer program communicates information to the remote process about 

execution of the application computer program. 

See rejection of limitations addressed in claim 17 above. 

Per claim 25: 

-the information is information about tampering with the application computer program. 
See rejection of limitations addressed in claims 1 1 & 18 above. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

USPN 6,701,439 Bl to Dunn 
In the case of a suspected hacker or intrusion by an unauthorized entity, 
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the fraud detection and nuisance reporting features 40 of the telecommunications switch 30 are 
employed to impede, discourage, and/or surveil the unauthorized entity. Ultimately, the hacker 
may be prosecuted under the wire fraud or harassment laws. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Mary Steelman, whose telephone number is (571) 272-3704. The 
examiner can normally be reached Monday through Thursday, from 7:00 AM to 5:30 PM If 
attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Wei 
Zhen can be reached at (571) 272-3708. The fax phone number for the organization where this 
application or proceeding is assigned: 571-273-8300. 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the TC 2100 Group receptionist: 571-272-2100. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Mary Steelman A 



03/12/2007 




